Yesterday, the Senate Committee on Commerce, Science, and Technology and the Senate Committee on Homeland Security and Government Affairs held a hearing titled, “The Cybersecurity Partnership Between the Private Sector and Our Government: Protection Our National And Economic Security,” in which the recent Executive Order on voluntary cybersecurity standards was discussed extensively.
- The Executive Order directs agencies to look into incentives that can be used under existing law to encourage businesses to opt into the voluntary cybersecurity standards. Secretary of Homeland Security Janet Napolitano revealed that amongst the incentives that DHS is considering are a federal procurement preference and granting some sort of governmental seal of approval. Napolitano contends that the market in and of itself has not provided sufficient incentive for all businesses to raise their cybersecurity standards.
- Senator Jay Rockefeller (D-WV), Chairman of the Commerce Committee, and Secretary Napolitano agreed that H.R. 624, the Cyber Intelligence Sharing Protection Act (CISPA), is “wholly insufficient.” Rockefeller particularly stressed that cybersecurity is not an issue that Congress can afford to revisit every year in a piecemeal fashion, and a more comprehensive bill must be pursued. Napolitano agreed, citing perceived insufficiencies in CISPA, such as the lack of privacy concerns and authorizing the NSA to establish standards and share information instead of a civilian agency.
- Senator Mark Warner (D-VA) voiced concern about unintended consequences that could arise from voluntary standards. Particularly, he was concerned that the standards could create a free rider problem, stagnant standards, or entrenched standards. Complying with stagnant standards, he worried, would be both dangerous and potentially wasteful. He was also concerned that entrenched standards could create a costly, complex barrier to entry for new businesses in certain industries.
What’s currently being done?
The Cybersecurity Act of 2012, that was defeated in the Senate in August, provides strengthened protection against cyber attacks in the federal government and in private, critical infrastructure systems. The bill would allow the government and private enterprises the ability to share information about threats more easily. In the absence of legislation, the Obama administration has indicated that it is prepared to move forward with an Executive Order that addresses key issues.
Is the legislation dead?
Not exactly. While the Cybersecurity Act of 2012, which is a bipartisan bill supported by a majority of Senators, did not survive a procedural vote in August, Senate Majority Leader Harry Reid (D-NV) has stated that the bill will be revisited after the November elections. Secretary of Defense Leon Panetta and General David Alexander, head of U.S. Cyber Command have both urged congressional action on cybersecurity after the election.
What’s the difference between the potential Executive Order and legislation?
The Executive Order would set policy under current law in regards to cybersecurity standards on critical infrastructure. The Executive Order cannot provide liability protection. A cybersecurity bill that passed the House in April and the Senate Cybersecurity Act both provided liability protection for private entities that shared information regarding cyber threats with the Administration. Without the incentive of liability protection, an Executive Order cannot be as effective as legislation.
After failing to pass the Cybersecurity Act of 2012, Congress began its August recess on Friday with members of the House and Senate out of town until the second week of September. At the state level, Georgia voters shot down a one cent state sales tax that would have helped fund infrastructure improvements across the state.
On the Hill
On August 2, the Cybersecurity Act of 2012 failed to survive a cloture vote. The bill would have imposed stricter networking standards on American utilities to prevent fraudulent access or cyber-terrorism. Although the stricter measures on critical infrastructure such as railroads, water treatment facilities, and power plants were loosened from mandatory to voluntary, the bill’s critics cited privacy concerns and new costs to businesses in their opposition. President Obama had penned a rare op-ed stressing the necessity of the bill.
On July 25, Congress passed the Sequestration Transparency Act, which would require the Obama Administration to detail specifically the $1.2 trillion in budget cuts that are scheduled to take place on January 2, 2013. If President Obama signs the bill, the Office of Management and Budget (OMB) would have 30 days to report its future sequester cuts to Congress. While most federal programs will experience mandatory cuts, the Highway Trust Fund may be exempt depending on the OMB’s interpretation of the Budget Control Act of 2011.
Sen. Jim DeMint (R-SC) has blocked the nomination of Michael Huerta to Administrator of the Federal Aviation Administration, and indicated that he may object to approval of any nominations until next year. Huerta has been Acting Administrator of the FAA since last year. Sen. DeMint cited his desire to hold the vote after the election, as the nomination is to a five-year term.
In the seven months leading up to the August recess, Congress has considered a number of bills that impact infrastructure development, but only passed the Moving Ahead for Progress in the 21st Century Act, which reauthorizes surface transportation programs, leaving several infrastructure-related legislative priorities unresolved. While the House has passed H.R. 5972, the Transportation, Housing and Urban Development, and Related Agencies Appropriations Act, and H.R. 5325, the Energy and Water Development and Related Agencies Appropriations Act, the Senate has yet to vote on the equivalents. Additionally, neither body has acted on bills to reauthorize Coast Guard activities (H.R. 5887/S. 1665). Further, other infrastructure bills remain stalled, such as H.R. 6026, the DREDGE Act, which would allow the Army Corps of Engineers to dredge the Mississippi River to accommodate larger vessels traveling from the expanded Panama Canal. It is very unlikely that Congress will complete work on any major infrastructure legislation with the limited time remaining in the legislative year. Action on appropriations is expected to come in a six month continuing resolution, setting overall spending levels at those authorized by the Budget Control Act. As such, additional funding and major authorization questions will remain until the new Congress convenes next year.
At the Agencies
The Transportation Security Administration (TSA) and the American Federation of Government Employees (AFGE) have reached a labor agreement for the representation of TSA’s 43,000 employees. The labor contract, which includes collective bargaining, will require a vote from TSA employees to go into effect. AFGE was elected by TSA employees in June and has been negotiating the terms of the labor agreement since. The terms of the agreement have not been released.
The National Petroleum Council (NPC), the federal advisory committee to the Secretary of Energy, released itsAdvancing Technology for America’s Transportation Future report. The report predicts that internal combustion fueled engines will still reign as the leading vehicular propulsion system in 2030. The NPC believes that vehicles powered by compressed natural gas, not electric batteries, will be the closest competitor to combustion engines, assuming the price of natural gas remains low. However, the report states that the lack of infrastructure supporting compressed natural gas engines would be a considerable barrier to their success.
In the States
New York: Governor Andrew Cuomo is considering a plan that will reallocate $47 million in funds intended for work on roads and bridges within Seneca Nation of Indians (SNI) territory if a resolution is not reached quickly to allow important transportation work to proceed. The project to reconstruct 11.5 miles of Interstate 86 stalled when SNI leaders demanded “exorbitant” new fees for work within the territory and failed to negotiate with New York state. In an effort to solve this dispute, New York has proposed allowing the SNI to take its fee from the more than $400 million in revenue the Senecas still owe the state relating to its three Western New York casinos. The work scheduled for SNI territory has a combined cost of over $40 million and would create hundreds of construction jobs.
Georgia:The proposed transportation sales tax that we discussed in our last alert was voted down in nine of twelve multi-county regions. The Transportation Special Purpose Local Option Sales Tax (T-SPLOST) was a one cent state sales tax that would have helped fund infrastructure improvements throughout Georgia. If passed, the tax would have provided $18 billion for road and transit projects in the state, including $6.1 billion going to the metro Atlanta area. Although advocates of the plan had hoped that the largely Democratic Atlanta region would provide a base of support for the tax, over 63 percent of voters voted against the referendum.
Massachusetts: The Massachusetts Senate has passed a nearly $1.4 billion transportation bond bill to fund infrastructure projects throughout the state. The bill is aimed at maintaining and repairing the Commonwealth’s existing infrastructure and creating jobs throughout the state.
Virginia: Gov. Bob McDonnell announced that Virginia has entered into a public-private partnership to construct 29 miles of HOV/HOT lanes on I-95. The construction will create 8,000 jobs and approximately $2 billion in economic activity. Two private companies have agreed to finance $854 million of the project’s estimated $925 million price tag in exchange for a 76 year concession period on the stretch of road. Virginia will maintain ownership of the infrastructure. The construction will begin next month and is slated to be completed in 2014.
Lest one question the severity of the evolving challenges in our rapidly growing cyber world, President Obama has crystallized it succinctly: (1) "cyber threat is one of the most serious economic and national security challenges we face as a nation;" and (2) "America’s economic prosperity in the 21st century will depend on cybersecurity." In other words, President Obama has declared cybersecurity to be a national security priority.
Our firm has just posted an alert.(pdf) on "The White House's 'Progress' Report on Cybersecurity: There's a Long Road Ahead." We hope you find this information beneficial and informative.